- Google recently decided to log Chrome users in automatically, a move that some researchers said risked users privacy.
- The search company was heavily criticized after a security researcher discovered the change and the fact that Google hadn’t notified users about the switch.
- On Tuesday, Google provided more ways that Chrome users can protect their privacy, including the ability to turn off the auto-login feature.
Google on Tuesday seemed to go out of its way to squash a controversy over recent changes to the popular Chrome browser.
On Sunday, Matthew Green, a security researcher and professor at Johns Hopkins, revealed that Google had quietly started automatically logging in Chrome users. Anytime someone signed on to one of Google’s properties, such as Gmail or Google Drive, they would be automatically be logged into their Chrome accounts as well.
Green said that he and many others had chosen not to sign in as a added layer of protection from accidentally sharing their browser histories with Google.
Before the recent change, users had to take two steps in order to turn their browser data over to Google. They needed to sign in, and then agree to sync their info. If users were automatically signed in by Google, one of those steps disappeared.
Green also accused Google of making the new sync-consent page more confusing. He said this would make it much easier for users to mistakenly turn over their info. Green predicted that the change would result in a hit to Google’s reputation.
‘We want to be clearer about your sign-in state’
But managers at Chrome on Tuesday acknowledged the complaints. In response, the company said a forthcoming Chrome update, due next month, will add the option of turning off the links between Chrome’s login with the login for Google’s other properties.
Google will also update the user interface to make it more obvious whether a user is sharing data with the company. In a statement, Zach Koch, Chrome product manager, said, “We want to be clearer about your sign-in state and whether or not you’re syncing data to our Google account.”
Finally, Koch said that the company will change the way it manages authorization cookies.
“In the current version of Chrome,” Koch said, “we keep the Google auth cookies to allow you to stay signed in after the cookies are cleared. We will change this behavior so all cookies are deleted, and you will be signed out.”
Google says the reason it changed the login procedures was to “simplify the way Chrome handles sign-in.”
Green expressed skepticism about Google’s reasoning. The search giant has yet to explain why it made the change without notifying users in the first place.